Efficient Server-Aided Secure Two-Party Function Evaluation with Applications to Genomic Computation

Open access


Computation based on genomic data is becoming increasingly popular today, be it for medical or other purposes. Non-medical uses of genomic data in a computation often take place in a server-mediated setting where the server offers the ability for joint genomic testing between the users. Genomic data is undeniably highly sensitive: in contrast to other types of biometric data, it discloses a wealth of information not only about the data owner but also about his or her relatives. Thus, there is an urgent need to protect genomic data. This is particularly true when the data is used in computation for what we call recreational, non-health-related purposes. Towards this goal, in this work we put forward a framework for server-aided secure two-party computation with a security model motivated by genomic applications. One particular security setting that we treat in this work provides stronger security guarantees with respect to malicious users than the traditional malicious model. In particular, we incorporate certified inputs into secure computation based on garbled circuit evaluation to guarantee that a malicious user is unable to modify her inputs in order to learn unauthorized information about the other user's data. Our solutions are general in the sense that they can be used to securely evaluate arbitrary functions, and they offer attractive performance compared to the state of the art. We apply the general constructions to three specific types of genomic tests, namely paternity, genetic compatibility, and ancestry testing, and implement the resulting protocols. The results show that all such private tests can be executed within a matter of seconds or less despite the large size of one's genomic data.
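As an added illustration of the garbled-circuit building block the abstract relies on (example code written for this page, not code from the paper or its authors): a minimal Python garbler and evaluator using point-and-permute, run on a constructed two-bit equality circuit that stands in for a small genomic comparison. The circuit, the wire numbering and the hash-based gate encryption are assumptions chosen for the example; the oblivious transfer, the server's role and the certified-input checks that the paper adds are not modelled here, and input labels are handed to the evaluator directly.

```python
import os
import hashlib
from typing import Callable, Dict, List, Tuple

LABEL_LEN = 16  # bytes of random key material per wire label

# Supported gate types for the toy circuit format: (type, in_a, in_b, out).
GATES: Dict[str, Callable[[int, int], int]] = {
    "AND": lambda a, b: a & b,
    "XOR": lambda a, b: a ^ b,
    "XNOR": lambda a, b: 1 - (a ^ b),
}

Gate = Tuple[str, int, int, int]


def _xor(x: bytes, y: bytes) -> bytes:
    return bytes(p ^ q for p, q in zip(x, y))


def _pad(ka: bytes, kb: bytes, gate_id: int) -> bytes:
    # One-time pad derived from both active input labels and the gate index
    # (hash modelled as a random oracle; an assumption made for this example).
    return hashlib.sha256(ka + kb + gate_id.to_bytes(4, "big")).digest()[: LABEL_LEN + 1]


def garble(circuit: List[Gate], n_wires: int):
    """Garbler side: two labels per wire, one 4-row table per gate.
    A label is LABEL_LEN random bytes plus one 'select' byte equal to the
    wire's bit XOR a secret permute bit, so the evaluator can pick the right
    row without learning the bit."""
    perm = [os.urandom(1)[0] & 1 for _ in range(n_wires)]
    labels = [
        (os.urandom(LABEL_LEN) + bytes([0 ^ perm[w]]),
         os.urandom(LABEL_LEN) + bytes([1 ^ perm[w]]))
        for w in range(n_wires)
    ]
    tables = []
    for gid, (kind, ia, ib, out) in enumerate(circuit):
        rows = [b""] * 4
        for a in (0, 1):
            for b in (0, 1):
                ka, kb = labels[ia][a], labels[ib][b]
                row = 2 * ka[-1] + kb[-1]  # row position fixed by the select bits
                rows[row] = _xor(_pad(ka, kb, gid), labels[out][GATES[kind](a, b)])
        tables.append(rows)
    return labels, perm, tables


def evaluate(circuit: List[Gate], tables, active: Dict[int, bytes]) -> Dict[int, bytes]:
    """Evaluator side: holds exactly one label per input wire and derives one
    label per internal wire; plaintext bits never appear."""
    active = dict(active)
    for gid, (kind, ia, ib, out) in enumerate(circuit):
        ka, kb = active[ia], active[ib]
        row = 2 * ka[-1] + kb[-1]
        active[out] = _xor(_pad(ka, kb, gid), tables[gid][row])
    return active


def decode(label: bytes, perm_bit: int) -> int:
    # Output decoding: the garbler releases the permute bit of each output wire only.
    return label[-1] ^ perm_bit


# Constructed toy circuit: wires 0,1 are user A's bits, 2,3 user B's bits,
# 4,5 intermediate, 6 the output. Computes (a0 == b0) AND (a1 == b1).
EQ_CIRCUIT: List[Gate] = [("XNOR", 0, 2, 4), ("XNOR", 1, 3, 5), ("AND", 4, 5, 6)]


def run_equality_test(a_bits: List[int], b_bits: List[int]) -> int:
    labels, perm, tables = garble(EQ_CIRCUIT, n_wires=7)
    # Label delivery is simplified: a real protocol uses oblivious transfer for
    # the evaluator's own inputs and, in the paper's setting, certified inputs.
    active = {w: labels[w][bit] for w, bit in zip(range(4), a_bits + b_bits)}
    final = evaluate(EQ_CIRCUIT, tables, active)
    return decode(final[6], perm[6])


if __name__ == "__main__":
    print(run_equality_test([1, 0], [1, 0]))  # equal inputs
    print(run_equality_test([1, 0], [0, 0]))  # differing inputs
```

The evaluator never sees a wire's plaintext bit, only one of its two labels, which is why a cheating evaluator gains nothing from the tables themselves; what it can still do is feed labels for inputs it was not entitled to use, which is precisely the gap the paper's certified-input mechanism closes.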

